September 8, 2017
Don't Pay the Ransom!!
Ransomware made big news in the summer of 2017. Specifically, the WannaCry and PetraWrap outbreaks in June and July raised awareness of the global reach of the ransomware threat to data and systems of individuals, universities, and corporations. But what happens if you get caught by ransomware?
Don't Feed the Ransomware Economy
If you get infected with ransomware, you should take the same stance as countries do when it comes to dealing with terrorism - do not negotiate and do not give in.
If your system becomes infected with ransomware, Information Security strongly advises against paying any ransom for a number of reasons:
- Payment fuels the development of further tools and more campaigns, and funds other types of crime that have a direct impact on all of us
- Paying the ransom increases the likelihood of further attacks against yourself, the University, and others
- Payment is no guarantee that data will be released... these are criminals, after all, and cannot be trusted
- After paying ransom to unlock your files, you can no longer trust the integrity of your data... how do you know it has not been altered?
- After paying ransom, you can no longer trust the security of your system... it could contain additional malware, backdoors, or other malicious code which will lead to further attacks
Any infected systems should be removed from the University network immediately to prevent the spread of the malware. The system must be reimaged completely before it can reconnect to the network. Once reimaged, user data should be restored from known good backups.
The Best Defense is Good Offense
So how do you defend yourself against a pervasive threat like ransomware? Follow these information security best practices to greatly reduce your risk of getting hit.
- Use antivirus software on all of your systems and keep it up to date. This applies to Macs and Linux systems as well - they are not immune.
- Apply operating system and application updates [1] as soon as possible.
- Take regular backups of your data and keep them somewhere safe. Consider storing them off-site to protect against physical threats as well.
- Use Central Storage or Microsoft OneDrive for University data. CCS central file storage (CFS) is regularly backed up and can be restored very quickly.
- Practice safe web browsing habits - keep your browser and extensions patched, do not click on pop-ups, use a pop-up blocker, avoid clicking on unknown links, and only visit known trustworthy sites.
- Practice safe email habits - know how to spot a phishing message [2], verify links before clicking on them, know how to spot a fake login page [3], and check our Phishing and Scams feed [4] regularly.
Written by: Stephen Willem (Manager, CCS Information Security)